Whoever <whoever@wherever.invalid> wrote in
news:Xns9E7490C1A84E7somewhere@69.16.185.247:
> "Li'l Abner" <blvstk@dogpatch.com> wrote in
> news:Xns9E7481835892Bbutter@wefb973cbe498:
>>
>> I just cleaned up a computer that was infected with Antivirus8.
>> MalwareBytes pretty well did the trick since SuperAntispyware only
>> found a couple of cookies. I've checked IE and Firefox for redirects
>> and am not getting any. But I've got two problems that I haven't
>> figured out yet. One of them is that when the computer is first
>> booted, both Internet Explorer and Firefox automatically open to
>> their home page (Google). I find nothing in msconfig that is starting
>> the browsers. The second thing is that when searching from Internet
>
>
> While MSCONFIG still has its uses I'd highly recommend using AUTORUNS
> instead. While there are ways to get around it as well, it has been
> far more useful in tracking down autostarting programs for me.
>
> http://technet.microsoft.com/en-us/s...rnals/bb963902
>
>
>> Explorer certain items will bring up a popup from Amazon just above
>> the system tray. See http://mewnlite.com/amazon.jpg for an example.
>> This does not occur with Firefox.
>> It's an Acer, Windows 7 32 bit Home Premium. He has AVG free as his
>> AV. I have not yet run any rootkit detectors since I don't see any
>> symptoms (like redirects) that usually accompany a rootkit. If anyone
>> recognizes either of these behaviors and has a solution, feel free to
>> tell me about it!
>
>
> Sounds like scanning for a rootkit is a good idea. TDSSKiller is pretty
> much standard procedure for me these days, along with more generic
> rootkit scanners. As far as the popups, I usually strip IE down to its
> basics when I run into things like that. Uninstalling all the
> toolbars, resetting all of the settings, etc. I just finished cleaning
> one up where I had to uninstall all of the search providers, then
> reinstall them in order to clean up a search results hijacking
> problem. Or at least it appears to have cleared up the problem. I need
> to keep running it for another day or so to make sure it doesn't come
> back.
I did run TDSS at your suggestion and it found nothing.
I didn't mention it before, but MBam had found over a hundred instances
of PUP.dealio but it didn't checkmark them. I did though and got rid of
them. His homepages had both been SweetIM before I changed them to
Google. There were AVG, SweetIM, and Yahoo toolbars. I got rid of all of
those. And then Google Chrome was installed. He didn't know how that got
there. No doubt a drive-by by Adobe. I also set IE back to defaults as
you suggested.
See my reply to Dave's short reply to you. That explains what the real
culprits turned out to be.
And thanks!
--
--- Everybody has a right to my opinion. ---

